In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on SolarWinds software and how to prevent a recurrence of a major attack on widely used key systems. SolarWinds is the name of a company that provided software to the U.S. federal government. In late 2020, news surfaced about a cyberattack that had already been underway for several months and that had reportedly compromised 250 government agencies, including the Treasury Department, the State Department, and nuclear research labs. In addition to compromising data, the attack resulted in financial losses of more than $90 million and was probably one of the most dangerous modern attacks on software and on the businesses and government agencies that depend on it. The SolarWinds incident demonstrated the challenges of securing systems that are the product of complex supply chains.
In this podcast, Touhill discusses topics including the need for systems to be secure by design and secure by default, the importance of transparency in the reporting of vulnerabilities and anomalous system behavior, the CERT Acquisition Security Framework, the need to secure data across a wide range of disparate devices and systems, and tactics and strategies for individuals and organizations to safeguard their data and the systems they rely on daily.